Описание
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use this flaw to modify the victim's clock by a limited amount or cause ntpd to exit.
Отчет
All versions of ntp package shipped with Red Hat Enterprise Linux are affected by this flaw. However several mitigations exists, please refer to the mitigation section for more details.
Меры по смягчению последствий
- Have enough trustworthy sources of time.
- If you are serving time to a possibly hostile network, have your system get its time from other than unauthenticated IPv4 over the hostile network.
- Use NTP packet authentication where appropriate.
- Pay attention to error messages logged by ntpd.
- Monitor your ntpd instances. If the pstats command of ntpq shows the value for "bogus origin" is increasing then that association is likely under attack.
- If you must get unauthenticated time over IPv4 on a hostile network, Use restrict ... noserve to prevent this attack (note that this is a heavy-handed protection), which blocks time service to the specified network.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ntp | Out of support scope | ||
| Red Hat Enterprise Linux 6 | ntp | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ntp | Fixed | RHSA-2020:2663 | 23.06.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
Уязвимость реализации протокола синхронизации времени NTP, связанная с использованием недостаточно случайных значений, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.4 High
CVSS3